Enterprise bug fixes for the week of May 22, 2023 (#37267)

Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Laura Coursen 2023-06-01 08:45:07 -05:00, committed by GitHub
Parent f28f1c334e
Commit 64b48cbabb
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
15 changed files: 44 additions and 49 deletions

View file

@ -40,7 +40,13 @@ Enabling {% data variables.product.prodname_github_connect %} creates a {% data
## Prerequisites
To use {% data variables.product.prodname_github_connect %}, you must have an enterprise account on {% data variables.product.prodname_dotcom_the_website %} that uses {% data variables.product.prodname_ghe_cloud %}. You may already have {% data variables.product.prodname_ghe_cloud %} included in your plan. {% data reusables.enterprise.link-to-ghec-trial %}
To use {% data variables.product.prodname_github_connect %}, you must have an enterprise account on {% data variables.product.prodname_dotcom_the_website %} that uses {% data variables.product.prodname_ghe_cloud %}. You may already have {% data variables.product.prodname_ghe_cloud %} included in your plan.
{% note %}
**Note:** Your enterprise account on {% data variables.product.prodname_dotcom_the_website %} must be invoiced. Enterprise accounts on the free trial of {% data variables.product.prodname_ghe_cloud %} or that pay by credit card cannot be connected to {% data variables.location.product_location %}.
{% endnote %}
{% ifversion ghes %}
If your enterprise account on {% data variables.product.prodname_dotcom_the_website %} uses IP allow lists, you must add the IP address or network for {% data variables.location.product_location %} to your IP allow list on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
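Review bot: In the added note, "Enterprise accounts on the free trial of ... or that pay by credit card" joins a prepositional phrase to a relative clause and reads awkwardly. "Enterprise accounts that are on a free trial of ... or that pay by credit card cannot be connected" keeps the two conditions parallel. Dropping the `link-to-ghec-trial` reusable from the paragraph above is consistent with the new restriction.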

View file

@ -38,6 +38,8 @@ Support for OIDC is available for customers using Azure Active Directory (Azure
Each Azure AD tenant can support only one OIDC integration with {% data variables.product.prodname_emus %}. If you want to connect Azure AD to more than one enterprise on {% data variables.product.prodname_dotcom %}, use SAML instead. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
OIDC does not support IdP-initiated authentication.
## Configuring OIDC for Enterprise Managed Users
1. Sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user for your new enterprise with the username **@<em>SHORT-CODE</em>_admin**.
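Review bot: The added sentence "OIDC does not support IdP-initiated authentication." states the limitation but not what an administrator or user should do about it. Since it sits on its own between the Azure AD tenant limit and the configuration heading, add a clause saying where sign-in has to start, or fold it into the support paragraph above so it is not read as an orphaned line.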

View file

@ -40,14 +40,10 @@ Alternatively, you can provision and manage the accounts of your enterprise memb
After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features.
{% data reusables.saml.no-scim-for-enterprises %}
If you use Azure AD as your IdP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise)."
{% note %}
**Note:** You cannot configure SCIM for your enterprise account unless your account was created to use {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
{% endnote %}
{% data reusables.saml.switching-from-org-to-enterprise %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)."
{% elsif ghes %}
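Review bot: The `saml.no-scim-for-enterprises` reusable now sits between the sentence that introduces additional identity and access management features and the Azure AD team synchronization paragraph, whereas the inline note it replaces followed that paragraph. A note saying what you cannot configure, placed directly after "you may be able to enable additional ... features", interrupts the lead-in; consider keeping the reusable after the team synchronization paragraph.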

View file

@ -25,6 +25,8 @@ You can control access to your enterprise account in {% data variables.product.p
SAML SSO controls and secures access to enterprise account resources like organizations, repositories, issues, and pull requests. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
{% data reusables.saml.no-scim-for-enterprises %}
{% data reusables.saml.switching-from-org-to-enterprise %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)."
Alternatively, you can also configure SAML SSO using Okta for an organization that uses {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/configuring-saml-single-sign-on-and-scim-using-okta)."

View file

@ -39,6 +39,8 @@ For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-
{% data reusables.saml.about-saml-access-enterprise-account %} For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)."
{% data reusables.saml.no-scim-for-enterprises %}
{% data reusables.saml.saml-disabled-linked-identities-removed %}
{% data reusables.apps.reauthorize-apps-saml %}

View file

@ -849,21 +849,16 @@ Before you'll see `git` category actions, you must enable Git events in the audi
| `organization_projects_change.enable` | Organization projects were enabled for all organizations in an enterprise. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-projects-in-your-enterprise#enforcing-a-policy-for-organization-wide-project-boards)."
{%- endif %}
{%- ifversion not ghes %}
## `packages` category actions
| Action | Description
|--------|-------------
| `packages.insecure_hash` | Maven published an insecure hash for a specific package version.
| `packages.package_deleted` | A package was deleted from an organization.{% ifversion fpt or ghec or ghes %} For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% endif %}
| `packages.package_published` | A package was published or republished to an organization.
| `packages.package_restored` | An entire package was restored.{% ifversion fpt or ghec or ghes %} For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% endif %}
| `packages.package_version_deleted` | A specific package version was deleted.{% ifversion fpt or ghec or ghes %} For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% endif %}
| `packages.package_version_published` | A specific package version was published or republished to a package.
| `packages.package_version_restored` | A specific package version was deleted.{% ifversion fpt or ghec or ghes %} For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."{% endif %}
| `packages.part_upload` | A specific package version was partially uploaded to an organization.
| `packages.upstream_package_fetched` | A specific package version was fetched from the npm upstream proxy.
| `packages.version_download` | A specific package version was downloaded.
| `packages.version_upload` | A specific package version was uploaded.
{%- endif %}
{%- ifversion fpt or ghec %}
## `pages_protected_domain` category actions
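Review bot: The `packages.package_version_restored` row still reads "A specific package version was deleted.", the same text as `packages.package_version_deleted`. Since this hunk already reworks the `packages` table, correct the description to say the version was restored, so that anyone building audit log alerts on package deletion is not misled about what this event means.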
@ -1044,7 +1039,7 @@ Before you'll see `git` category actions, you must enable Git events in the audi
| Action | Description
|--------|-------------
| `repo.access` | The visibility of a repository changed to private{%- ifversion ghes %}, public,{% endif %} or internal.
| `repo.access` | The visibility of a repository changed.
| `repo.actions_enabled` | {% data variables.product.prodname_actions %} was enabled for a repository.
| `repo.add_member` | A collaborator was added to a repository.
| `repo.add_topic` | A topic was added to a repository.
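Review bot: The new `repo.access` description, "The visibility of a repository changed.", drops the list of visibility values and gives the reader nowhere to look them up. The `access` row in the user security log table changed in this same commit links to /repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility; adding the same link here would keep the two tables aligned and preserve the detail that was removed.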

View file

@ -97,26 +97,7 @@ For information on creating or accessing your access key ID and secret key, see
- For "Audience", use `sts.amazonaws.com`.
{% data reusables.audit_log.create-s3-bucket %}
{% data reusables.audit_log.create-s3-policy %}
1. Create a bucket, and block public access to the bucket. For more information, see [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) in the AWS documentation.
1. Create a policy that allows {% data variables.product.company_short %} to write to the bucket by copying the following JSON and replacing `EXAMPLE-BUCKET` with the name of your bucket. {% data variables.product.prodname_dotcom %} requires only the permissions in this JSON.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"
}
]
}
```
For more information, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the AWS documentation.
4. Configure the role and trust policy for the {% data variables.product.prodname_dotcom %} IdP. For more information, see [Creating a role for web identity or OpenID Connect Federation (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) in the AWS documentation.
1. Configure the role and trust policy for the {% data variables.product.prodname_dotcom %} IdP. For more information, see [Creating a role for web identity or OpenID Connect Federation (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) in the AWS documentation.
- Add the permissions policy you created above to allow writes to the bucket.
- Edit the trust relationship to add the `sub` field to the validation conditions, replacing `ENTERPRISE` with the name of your enterprise.
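Review bot: With the bucket and policy steps moved into `audit_log.create-s3-bucket` and `audit_log.create-s3-policy`, the following step "Add the permissions policy you created above" and the `1.` numbering both depend on what those reusables render. Confirm that each reusable is a single `1.` list item at the same indentation, and that `create-s3-policy` still carries the statement that only `s3:PutObject` on `arn:aws:s3:::EXAMPLE-BUCKET/*` is required, so the least-privilege guidance is not lost in the move.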
@ -132,7 +113,7 @@ For information on creating or accessing your access key ID and secret key, see
{% data reusables.enterprise.navigate-to-log-streaming-tab %}
{% data reusables.audit_log.streaming-choose-s3 %}
1. Under "Authentication", click **OpenID Connect**.
2. Configure the stream settings.
1. Configure the stream settings.
- Under "Bucket", type the name of the bucket you want to stream to. For example, `auditlog-streaming-test`.
- Under "ARN Role" type the ARN role you noted earlier. For example, `arn:aws::iam::1234567890:role/github-audit-log-streaming-role`.
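Review bot: The example in the "ARN Role" item, `arn:aws::iam::1234567890:role/github-audit-log-streaming-role`, is not a valid role ARN: it has an empty field after `aws`, and the account ID has 10 digits where AWS account IDs have 12. While renumbering this list, correct the example to the `arn:aws:iam::ACCOUNT-ID:role/NAME` form so that readers who copy it as a template do not end up with a stream that fails to assume the role.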

View file

@ -25,8 +25,6 @@ topics:
{% ifversion ghec %}
When assessing user dormancy, we only consider organizations, repositories, or sign-on events that are associated with the enterprise. For example, a user who has recently commented on an issue in a public repository outside of the enterprise may be considered dormant, while a user who has commented on an issue in a public repository within the enterprise will not be considered dormant.
Only sign-on events through an SSO domain associated with your enterprise are considered user activity associated with the enterprise.
The report includes both enterprise members and outside collaborators.
{% endif %}

View file

@ -119,7 +119,7 @@ topics:
| Action | Description
|------------------|-------------------
| `access` | Triggered when you a repository you own is [switched from "private" to "public"](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility) (or vice versa).
| `access` | Triggered when you [change the visibility of a repository](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility).
| `add_member` | Triggered when a {% data variables.product.product_name %} user is {% ifversion fpt or ghec %}[invited to have collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository){% endif %} to a repository.
| `add_topic` | Triggered when a repository owner [adds a topic](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics) to a repository.
| `archived` | Triggered when a repository owner [archives a repository](/repositories/archiving-a-github-repository/archiving-repositories).{% ifversion ghes %}

View file

@ -46,18 +46,20 @@ Signing commits differs from signing off on a commit. For more information about
| **Unverified** | The commit is signed but the signature could not be verified.
| No verification status | The commit is not signed.
{% endif %}
### Signature verification for rebase and merge
{% data reusables.pull_requests.rebase_and_merge_verification %}
For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github#rebasing-and-merging-your-commits)."
{% ifversion fpt or ghec %}
### Statuses with vigilant mode enabled
{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
{% endif %}
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-signed-commits)."
{% data reusables.identity-and-permissions.verification-status-check %}

View file

@ -229,6 +229,7 @@ gh ado2gh migrate-repo --ado-org SOURCE --ado-team-project TEAM-PROJECT --ado-re
```
{% data reusables.enterprise-migration-tool.migrate-repo-table-ec %}
TEAM-PROJECT | Name of the team project of the repository you want to migrate
## Step 6: Validate your migration and check the error log
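Review bot: The added row "TEAM-PROJECT | Name of the team project of the repository you want to migrate" is appended after the `migrate-repo-table-ec` reusable and only renders as part of that table if the reusable ends on its last row with no trailing blank line and uses the same pipe style. Verify the rendered output, and end the description with a period if the other rows in the reusable do.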

View file

@ -398,15 +398,16 @@ For more information, see "[AUTOTITLE](/organizations/managing-organization-sett
| `update` | Triggered when a default label is edited.
| `destroy` | Triggered when a default label is deleted.
{%- ifversion not ghes %}
## `packages` category actions
| Action | Description |
|--------|-------------|
| `package_deleted` | Triggered when an entire package is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
| `package_version_published` | Triggered when a package version is published. |
| `package_version_deleted` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
| `package_deleted` | Triggered when an entire package is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
| `package_version_restored` | Triggered when a specific package version is deleted. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
| `package_restored` | Triggered when an entire package is restored. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)."
| `package_version_published` | A specific package version was published or republished to a package.
{%- endif %}
{% ifversion fpt or ghec %}
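Review bot: The `package_version_published` row now reads "A specific package version was published or republished to a package.", while every other row in this table uses the "Triggered when ..." form and the header row closes with a trailing pipe that this row lacks. Reword it to "Triggered when a specific package version is published or republished." for consistency. The `package_version_restored` row also still says the version "is deleted" and should say it is restored.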

View file

@ -1,6 +1,6 @@
A user is considered active if the user has performed any of the following activities on {% ifversion fpt or ghes %}{% data variables.location.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% elsif ghec %}your enterprise{% endif %}.
- Signing into {% data variables.location.product_location %}
- {% ifversion ghec%}Authenticating to access your enterprise's resources via SAML SSO{% else %}Signing into {% data variables.location.product_location %} {% endif %}
- Creating a repository
- Pushing to a repository
- Being added to a repository
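Review bot: In the new first list item, `{% ifversion ghec%}` is missing the space before `%}`, and the `else` branch leaves a trailing space before `{% endif %}`. Use `{% ifversion ghec %}` and drop the trailing space so the tag matches the rest of the file and the rendered item has no stray whitespace.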
@ -12,12 +12,12 @@ A user is considered active if the user has performed any of the following activ
- Assigning or unassigning an issue or pull request
- Requesting a review of a pull request, or removing a review request
- Creating or editing a comment in a pull request review
- Dismissing a comment in a pull request
- Dismissing a comment in a pull request
- Synchronizing a pull request
- Commenting on a commit
- Publishing a release
- Pushing to a wiki
- Watching a repository
- Pushing to a wiki{% ifversion not ghec %}
- Watching a repository{% endif %}
- Starring a repository
- Deleting a repository
- Joining an organization
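Review bot: The `{% ifversion not ghec %}` tag is opened at the end of the "Pushing to a wiki" item and closed at the end of "Watching a repository", which makes it easy to miss that only the second item is conditional. Putting `{%- ifversion not ghec %}` and `{%- endif %}` on their own lines around "Watching a repository" gives the same rendered list and is easier to review. The two "Dismissing a comment in a pull request" lines look identical, so that change appears to be whitespace only.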

View file

@ -0,0 +1,9 @@
{% ifversion ghec %}
{% note %}
**Note:** You cannot configure SCIM for your enterprise account unless your account was created for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
If you do not use {% data variables.product.prodname_emus %}, and you want to use SCIM provisioning, you must configure SAML SSO at the organization level, not the enterprise level. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)."
{% endnote %}
{% endif %}
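Review bot: The second paragraph of the new reusable tells readers who want SCIM without {% data variables.product.prodname_emus %} to configure SAML SSO at the organization level, but the link goes to the general "about identity and access management with SAML single sign-on" article rather than to anything about SCIM. Link to the organization-level SCIM article as well, or instead, so the reader lands on the provisioning steps. The inline note this replaces said "created to use"; the reusable says "created for", which is fine as long as the wording is used consistently in the three articles that include it.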

View file

@ -1,6 +1,6 @@
To comment on a ticket associated with your enterprise account that was opened by another user, one of two conditions must be met:
- An email address associated with your {% data variables.product.prodname_dotcom %} account is copied on the ticket
- Your enterprise has a verified domain and the person who opened the ticket selected their verified-domain email
- Your enterprise on {% data variables.product.prodname_dotcom_the_website %} has a verified domain and the person who opened the ticket selected their verified-domain email
For more information about verifying a domain, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)" and "[AUTOTITLE](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
For more information about verifying a domain, see "[AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)" and "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
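Review bot: The replacement links now point at `/enterprise-cloud@latest/...`, so a reader on another version of the docs is moved to a different documentation set without being told. The IP allow list link in the {% data variables.product.prodname_github_connect %} article in this commit ends with "in the {% data variables.product.prodname_ghe_cloud %} documentation"; add the same phrase after the two links here.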